AIO checker 2024[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

AIO checker 2024.rar
Size

12.5MB
MD5

82223fc5262e46c1d5d8f07bc3f45fc4
SHA1

89bb073f7e80328123328826b733e07ed70b605d
SHA256

478cbc06db0d5237d0d13e57ba94ec9d2e9ecbb796259a94798f164ebe9b4de8
SHA512

0b064e5cc2ab3db6438b41e54c8e554e898003bbe2f7eb035bf5ac3725530c6523d9bde9bd3df3f4e21186bed75f9d57369238e0fe88c0e5dbf781c8b4520a95
SSDEEP

196608:bJS2Pc+4WG4CXkjYdYhCoPhsLBscXaf7LaBm19GD5zug2Fd1gQniHe7oTDiM:bJLcRWG4C0jyhghcKfaBHD5iriH7TDiM

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/AIO checker 2024.exe
unpack001/DscCore.dll
unpack001/DscCoreConfProv.dll
unpack001/drvstore.dll

Files

AIO checker 2024.rar
.rar

Password: 1234
AIO checker 2024.exe
.exe windows:6 windows x86 arch:x86

Password: 1234

90a754824211c648b161e0e146d30cbf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoGetObjectContext

kernel32

SetEndOfFile
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

Sections

.text
Size: - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cSs
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cHM
Size: - Virtual size: 6.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.f</
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.J`F
Size: 12.6MB - Virtual size: 12.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DscCore.dll
.dll regsvr32 windows:6 windows x64 arch:x64

Password: 1234

5c4f5e9d3de04ba637c8b0cb336d0cc1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

dsccore.pdb

Imports

msvcrt

_wfopen_s
_wcsicmp
memset
fwscanf_s
fwprintf_s
_vsnwprintf
_waccess
_waccess_s
fseek
fclose
clock
_onexit
__dllonexit
wcsrchr
memcmp
memcpy
_unlock
_lock
__C_specific_handler
_initterm
_amsg_exit
_XcptFilter
memmove_s
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBV0@@Z
memcpy_s
_CxxThrowException
__CxxFrameHandler3
??1type_info@@UEAA@XZ
malloc
free
swprintf_s

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
FreeLibrary
GetProcAddress
LoadStringW
DisableThreadLibraryCalls

api-ms-win-core-sysinfo-l1-2-1

GetSystemDirectoryW
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-errorhandling-l1-1-1

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-2-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-2

SetThreadToken
TerminateProcess
GetCurrentProcessId
OpenThreadToken
GetCurrentProcess
GetCurrentThreadId

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

mi

mi_clientFT_V1
MI_Application_InitializeV1

kernel32

ReleaseSemaphore
OpenSemaphoreW
FindFirstFileW
FindClose
FindNextFileW
ResetEvent
GetFileSize
GetComputerNameW
ReadFile
RemoveDirectoryW
WideCharToMultiByte
HeapReAlloc
CreateEventW
EnterCriticalSection
LeaveCriticalSection
GetEnvironmentVariableW
GetTempFileNameW
CreateProcessW
HeapAlloc
HeapFree
CreateDirectoryW
WaitForSingleObject
GetCurrentThread
GetProcessHeap
WriteFile
CopyFileW
FormatMessageW
GetExitCodeProcess
CreateFileW
MultiByteToWideChar
GetTempPathW
SetLastError
GetLocalTime
DeleteCriticalSection
CloseHandle
DeleteFileW
LocalFree
ExpandEnvironmentStringsW
SetEvent
InitializeCriticalSectionAndSpinCount

ole32

CoSetProxyBlanket
CoUninitialize
CoCreateGuid
StringFromGUID2
CoInitializeEx
CoCreateInstance

dscpspluginwkr

StopCurrentPSConfiguration
Pull_GetConfiguration_ManagedPlugin
Test
Get
Pull_InstallCertificate_ManagedPlugin
Pull_GetAction_ManagedPlugin
Set
GetResourceProvider

mimofcodec

MI_Application_NewSerializer_Mof
MI_Application_NewDeserializer_Mof

ntdll

WinSqmAddToStreamEx
WinSqmEndSession
WinSqmStartSession

api-ms-win-security-base-l1-2-0

ImpersonateSelf
RevertToSelf
AdjustTokenPrivileges
GetTokenInformation

crypt32

CryptAcquireCertificatePrivateKey
CryptStringToBinaryW
CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CertOpenStore
CryptBinaryToStringA

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-shutdown-l1-1-1

InitiateSystemShutdownExW

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventWrite
EventRegister

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathRemoveFileSpecW

cryptsp

CryptDecrypt
CryptGetUserKey

miutils

QualifierFlavorToWMI
Instance_New
ResultFromHRESULT
ResultToHRESULT
TypeToCimType
ValueToVariant

oleaut32

SysAllocString
VariantClear
VariantInit
SysFreeString

Exports

Exports

CATraps
DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
GetProviderClassID
LCMTraps
MI_Main
NITS
NITS_PRESENCE

Sections

.text
Size: 171KB - Virtual size: 171KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DscCoreConfProv.dll
.dll regsvr32 windows:6 windows x64 arch:x64

Password: 1234

1d21f3140d0d1815b30431e6647792c6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

DscCoreConfProv.pdb

Imports

msvcrt

??1type_info@@UEAA@XZ
wcspbrk
towlower
_lock
_vsnwprintf
??0exception@@QEAA@XZ
__C_specific_handler
_wcsicmp
??0exception@@QEAA@AEBQEBD@Z
memcpy_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
fputws
??1exception@@UEAA@XZ
_wmakepath_s
_onexit
wcsncmp
feof
?what@exception@@UEBAPEBDXZ
_wfsopen
fread
memmove_s
_get_errno
_initterm
_amsg_exit
_XcptFilter
__CxxFrameHandler3
_CxxThrowException
malloc
fclose
ferror
swprintf_s
__dllonexit
_wfopen_s
wcscpy_s
free
_wcserror_s
_wsplitpath_s
_unlock
memcpy
memset

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleHandleW
LoadStringW
FreeLibrary
LoadLibraryExW
GetProcAddress

api-ms-win-core-sysinfo-l1-2-1

GetSystemTimeAsFileTime
GetTickCount
GetSystemDirectoryW

api-ms-win-core-errorhandling-l1-1-1

GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError

api-ms-win-core-heap-l1-2-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-file-l1-2-1

WriteFile
FindNextFileW
DeleteFileW
CreateFileW
FindFirstFileExW
CreateDirectoryW
RemoveDirectoryW
GetFileSize
SetFileAttributesW
FindFirstFileW
FindClose
ReadFile

mpr

WNetCancelConnection2W
WNetAddConnection2W

api-ms-win-core-processenvironment-l1-2-0

ExpandEnvironmentStringsW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-2-0

ReleaseSemaphore
Sleep
WaitForSingleObject
OpenSemaphoreW

api-ms-win-core-rtlsupport-l1-2-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-2

GetCurrentProcessId
TerminateProcess
GetCurrentProcess
GetCurrentThreadId

api-ms-win-core-debug-l1-1-1

OutputDebugStringA

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-shlwapi-legacy-l1-1-0

PathIsUNCServerW
PathRemoveFileSpecW
PathFindNextComponentW
PathCombineW
PathRemoveBackslashW
PathCanonicalizeW
PathStripToRootW
PathIsRootW

api-ms-win-core-kernel32-legacy-l1-1-1

GetComputerNameW
CopyFileW

cryptsp

CryptHashData
CryptGetHashParam
CryptAcquireContextW
CryptReleaseContext
CryptCreateHash
CryptDestroyHash

mi

mi_clientFT_V1
MI_Application_InitializeV1

mimofcodec

MI_Application_NewDeserializer_Mof
MI_Application_NewSerializer_Mof

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

api-ms-win-core-localization-l1-2-1

FormatMessageW

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventWrite

api-ms-win-core-heap-obsolete-l1-1-0

LocalFree

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
GetProviderClassID
MI_Main
NITS
NITS_PRESENCE
NativeProviderTraps

Sections

.text
Size: 175KB - Virtual size: 175KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
README.txt
drvstore.dll
.dll windows:6 windows x64 arch:x64

Password: 1234

6d870c47b3b76e4c1d34231c2eb3d0f7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

drvstore.pdb

Imports

msvcrt

memcpy
__C_specific_handler
_initterm
malloc
free
wcsncmp
_amsg_exit
_XcptFilter
wcstol
_ultow_s
swprintf_s
swscanf
bsearch
toupper
towupper
_vsnprintf
_resetstkoflw
_wcsnicmp
wcstoul
iswxdigit
swscanf_s
memset
wcsstr
wcsrchr
memmove
_wcsicmp
wcschr
_vsnwprintf
memcmp
wcscmp

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
NtEnumerateKey
NtEnumerateValueKey
NtQueryKey
RtlInitUnicodeStringEx
NtQueryValueKey
NtOpenKey
RtlIsTextUnicode
RtlGetVersion
RtlNtStatusToDosErrorNoTeb
NtCreateFile
RtlInitUnicodeString
LdrUnloadDll
LdrGetProcedureAddress
LdrLoadDll
RtlGetAce
RtlSubAuthoritySid
RtlLengthRequiredSid
RtlValidSid
RtlGetSaclSecurityDescriptor
RtlSetGroupSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlMapGenericMask
RtlGetDaclSecurityDescriptor
RtlInitializeSid
RtlSelfRelativeToAbsoluteSD2
RtlMakeSelfRelativeSD
RtlGetOwnerSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlUnicodeToMultiByteSize
RtlUnicodeToMultiByteN
RtlMultiByteToUnicodeSize
RtlMultiByteToUnicodeN
RtlUpcaseUnicodeChar
NtQuerySystemInformation
RtlGUIDFromString
RtlRandomEx
RtlImageNtHeader
NtSetInformationFile
RtlFormatCurrentUserKeyPath
RtlFreeUnicodeString
NtDeleteKey
NtCreateKey
NtSetValueKey
RtlUnicodeStringToInteger
RtlAllocateHeap
RtlFreeHeap
NtOpenThreadTokenEx
NtOpenProcessTokenEx
NtQueryInformationToken
RtlEqualSid
RtlValidRelativeSecurityDescriptor
RtlLengthSecurityDescriptor
RtlEqualUnicodeString
RtlPrefixUnicodeString
RtlLengthSid
RtlCreateAcl
RtlAddAccessAllowedAceEx
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlValidSecurityDescriptor
RtlAbsoluteToSelfRelativeSD
NtOpenThreadToken
NtOpenProcessToken
NtQuerySecurityObject
NtDuplicateToken
NtAdjustPrivilegesToken
NtSetInformationThread
RtlCopySid
RtlAddAce
NtSetSecurityObject
NtDeleteValueKey
NtQueryObject
NtDuplicateObject
RtlTimeToTimeFields
LdrGetDllHandle
RtlInitAnsiString
RtlCreateUnicodeString
RtlDuplicateUnicodeString
RtlGetLastNtStatus
VerSetConditionMask
RtlVerifyVersionInfo
NtOpenProcess
NtQueryInformationProcess
NtQueryInformationFile
NtClose
RtlNtStatusToDosError

api-ms-win-core-errorhandling-l1-1-0

SetLastError
SetErrorMode
RaiseException
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-sysinfo-l1-1-0

GetSystemWindowsDirectoryW
GetWindowsDirectoryW
GetSystemDirectoryW
GetTickCount
GetLocalTime
GetSystemTimeAsFileTime

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
EnterCriticalSection
SleepEx
CreateMutexW
LeaveCriticalSection
InitializeCriticalSection
WaitForMultipleObjectsEx
WaitForSingleObjectEx
CreateEventW
ReleaseMutex
SetEvent

api-ms-win-core-file-l1-1-0

WriteFile
GetTempFileNameW
FindFirstFileW
CreateDirectoryW
GetShortPathNameW
ReadFile
GetFileSizeEx
LocalFileTimeToFileTime
DeleteFileW
GetFileAttributesExW
SetFileAttributesW
FileTimeToLocalFileTime
SetFileTime
CompareFileTime
GetFileTime
FindClose
SetEndOfFile
GetFullPathNameW
GetFileSize
FlushFileBuffers
CreateFileA
SetFilePointer
CreateFileW
GetFileAttributesW
GetFileInformationByHandle
FindNextFileW
RemoveDirectoryW
GetDriveTypeW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringW
WideCharToMultiByte
GetStringTypeExW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW
lstrlenW
lstrcmpW
lstrlenA

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-registry-l1-1-0

RegLoadKeyW
RegUnLoadKeyW
RegDeleteValueW
RegCreateKeyExW
RegSaveKeyExW
RegEnumKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegFlushKey
RegQueryValueExW
RegDeleteKeyExW
RegCloseKey

api-ms-win-security-base-l1-1-0

GetSecurityDescriptorLength
GetSecurityDescriptorControl
MakeAbsoluteSD
IsValidSecurityDescriptor
MakeSelfRelativeSD
FreeSid
SetSecurityDescriptorGroup
EqualSid
GetSecurityDescriptorSacl
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorOwner
AllocateAndInitializeSid
SetFileSecurityW
AdjustTokenPrivileges
GetKernelObjectSecurity
DuplicateTokenEx
GetFileSecurityW
CheckTokenMembership
SetKernelObjectSecurity

api-ms-win-core-file-l2-1-0

MoveFileExW
CopyFileExW
CreateHardLinkW

api-ms-win-core-memory-l1-1-0

CreateFileMappingW
UnmapViewOfFile
MapViewOfFile

api-ms-win-core-localization-obsolete-l1-2-0

GetSystemDefaultUILanguage

api-ms-win-core-libraryloader-l1-1-0

GetModuleHandleW
GetModuleFileNameA
FreeLibrary
LoadLibraryExA
GetProcAddress
LoadLibraryExW

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime

api-ms-win-core-heap-obsolete-l1-1-0

LocalFree
LocalAlloc

api-ms-win-core-localization-l1-2-0

GetThreadLocale
LCMapStringW
FormatMessageW

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineA
GetEnvironmentVariableW

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
TlsAlloc
GetCurrentProcess
GetCurrentThread
TlsGetValue
TlsSetValue
TlsFree
TerminateProcess
GetCurrentProcessId

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-2-0

GetNativeSystemInfo

api-ms-win-core-version-l1-1-0

GetFileVersionInfoExW
GetFileVersionInfoSizeExW
VerQueryValueW

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc
HeapReAlloc

api-ms-win-core-processsecurity-l1-1-0

SetThreadToken
OpenProcessToken
OpenThreadToken

api-ms-win-core-kernel32-legacy-l1-1-0

DosDateTimeToFileTime

api-ms-win-core-rtlsupport-l1-1-0

RtlCompareMemory

api-ms-win-core-file-l1-2-0

GetTempPathW

Exports

Exports

DriverPackageClose
DriverPackageEnumClassesW
DriverPackageEnumConfigurationsW
DriverPackageEnumDevicesW
DriverPackageEnumDriversW
DriverPackageEnumFilesW
DriverPackageEnumInterfacesW
DriverPackageEnumPropertiesW
DriverPackageEnumRegKeysW
DriverPackageEnumServicesW
DriverPackageGetVersionInfoW
DriverPackageOpenW
DriverStoreClose
DriverStoreConfigureW
DriverStoreCopyW
DriverStoreDeleteW
DriverStoreDriverPackageResolveCallbackW
DriverStoreEnumObjectsW
DriverStoreEnumW
DriverStoreFindW
DriverStoreGetObjectPropertyKeysW
DriverStoreGetObjectPropertyW
DriverStoreImportW
DriverStoreOfflineAddDriverPackageA
DriverStoreOfflineAddDriverPackageW
DriverStoreOfflineDeleteDriverPackageA
DriverStoreOfflineDeleteDriverPackageW
DriverStoreOfflineEnumDriverPackageA
DriverStoreOfflineEnumDriverPackageW
DriverStoreOfflineFindDriverPackageA
DriverStoreOfflineFindDriverPackageW
DriverStoreOpenW
DriverStorePublishW
DriverStoreReflectCriticalW
DriverStoreReflectW
DriverStoreSetLogContext
DriverStoreSetObjectPropertyW
DriverStoreUnconfigureW
DriverStoreUnpublishW
DriverStoreUnreflectCriticalW
DriverStoreUnreflectW
pServerDeleteDriverPackage
pServerImportDriverPackage

Sections

.text
Size: 669KB - Virtual size: 668KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: 1234

Password: 1234

90a754824211c648b161e0e146d30cbf

Headers

DLL Characteristics

File Characteristics

Imports

ole32

kernel32

Sections

.text Size: - Virtual size: 160KB

.rdata Size: - Virtual size: 59KB

.data Size: - Virtual size: 12KB

.cSs Size: - Virtual size: 1.5MB

.cHM Size: - Virtual size: 6.0MB

.f</ Size: 1KB - Virtual size: 1KB

.J`F Size: 12.6MB - Virtual size: 12.6MB

.reloc Size: 2KB - Virtual size: 1KB

Password: 1234

5c4f5e9d3de04ba637c8b0cb336d0cc1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-synch-l1-2-0

api-ms-win-core-rtlsupport-l1-2-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-profile-l1-1-0

mi

kernel32

ole32

dscpspluginwkr

mimofcodec

ntdll

api-ms-win-security-base-l1-2-0

crypt32

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-shutdown-l1-1-1

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-shlwapi-legacy-l1-1-0

cryptsp

miutils

oleaut32

Exports

Exports

Sections

.text Size: 171KB - Virtual size: 171KB

.data Size: 6KB - Virtual size: 7KB

.pdata Size: 4KB - Virtual size: 3KB

.idata Size: 7KB - Virtual size: 6KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 3KB

Password: 1234

1d21f3140d0d1815b30431e6647792c6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-heap-l1-2-0

api-ms-win-core-file-l1-2-1

mpr

api-ms-win-core-processenvironment-l1-2-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-synch-l1-2-0

.text
Size: - Virtual size: 160KB

.rdata
Size: - Virtual size: 59KB

.data
Size: - Virtual size: 12KB

.cSs
Size: - Virtual size: 1.5MB

.cHM
Size: - Virtual size: 6.0MB

.f</
Size: 1KB - Virtual size: 1KB

.J`F
Size: 12.6MB - Virtual size: 12.6MB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 171KB - Virtual size: 171KB

.data
Size: 6KB - Virtual size: 7KB

.pdata
Size: 4KB - Virtual size: 3KB

.idata
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 175KB - Virtual size: 175KB

.data
Size: 2KB - Virtual size: 4KB

.pdata
Size: 5KB - Virtual size: 5KB

.idata
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 669KB - Virtual size: 668KB

.data
Size: 15KB - Virtual size: 17KB

.pdata
Size: 17KB - Virtual size: 17KB

.idata
Size: 11KB - Virtual size: 11KB

.rsrc
Size: 1024B - Virtual size: 1016B

.reloc
Size: 4KB - Virtual size: 4KB